Data Protection & Privacy Policy

Cook Inspire Change CIC has to collect and use certain information about people with whom it works with in order to operate efficiently. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Collection of Data on Website

By using this website, you (or whomever you use it on behalf of) are deemed to accept that this policy applies between you, a user of this website, and us, Cook Inspire Change CIC, the owner and provider of this website. This policy is applicable to our use of any and all data collected by us in relation to your use of the website and any services or systems in or from this website.

Whenever you use our website, the following information will be automatically collected in relation to your access: IP address originating access, web browser type/version used, operating system used, a list of the URLs you use (starting with a referring site), your activity on this website, and the site you exit to. You may access certain areas of the website without providing any other data at all. However, to use all services and systems available on the website you may be required to submit account information or other data. If you chose to submit data you hereby consent to our collection, storage and processing of any personal data (within the meaning of the Data Protection legislation), as outlined in this policy, including without limitation, any of the following:

  • your name, date of birth and/or gender;
  • your job title and profession;
  • contact information such as e-mail addresses, addresses (including postcodes) and telephone numbers;
  • demographic information such as preferences and interests;
  • financial information such as credit/debit card numbers.

Our Use of Data collected

We will store any data submitted for as long as you use the services and systems provided on the website and may store it for an additional period of up to 3 years.

Unless we are obliged or permitted by law to do so, and subject to the other provisions of this policy, data will not be disclosed to third parties other than our affiliates and/or other companies within our group.

All data is stored securely in accordance with the principles of the Data Protection legislation.

Any or all data may be required by us from time to time in order to provide you with the best possible service and experience when using our website, and in particular, data may be used by us for any of the following:

  • internal record keeping;
  • improvement of our products/services;
  • transmission by email of promotional materials that may be of interest to you;
  • contact for market research purposes which may be done using email or mail.
  • such information may be used to customise or update the website.

We may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased items, search engine facilities, advertising and marketing. The providers of such services may be granted access to certain data. Any data used by such parties is used only to the extent required by them to perform their services for us, and any other use will be strictly prohibited by us. Furthermore, any data that is processed by such third parties will be processed within the terms of this Policy and in accordance with the Data Protection legislation.

Email Marketing

If you have consented to receive email newsletters from us, we will only send you relevant content which you have signed up for at clearly specified intervals. We have made it easy to unsubscribe to marketing emails. We will not share your emails with anyone else. Please contact amy@4lunch.co.uk to amend your details or request to remove your details from our systems.

Access to your Data

You may access your account at any time to view or amend your data. You may need to modify or update your data if your circumstances change. Additional data as to your marketing preferences may also be stored and you may change this at any time. You have the right to ask us for a copy of your personal data.


Cookies are small text files containing an anonymous unique identifier, accessible only by the website that placed it there (and not by any other sites) which we may place on your computer when you visit certain parts of this website. We use cookies to allow us to identify recurring visitors and to analyse their browsing habits within the website, and (where e-commerce facilities are provided) cookies may be used to store your order and account details.

By default, your browser will accept cookies – however, this can be altered; for further details please consult the help menu in your browser. You have the choice to enable/disable cookies in your web browser. Your disablement of cookies may prevent you from using the full range of services available on the website.

You may also use your browser’s settings to delete cookies you formerly accepted – subject to losing any information that enables you to access the website more quickly.

Unless you have disabled or deleted them, you consent to our placing and accessing cookies on your computer.

General Data Protection Policy

Cook Inspire Change CIC adheres to the Principles of Data Protection as set out in the General Data Protection Regulation (GDPR) (EU) 2016/679, a regulation in EU law on data protection and privacy for all individuals within the European Union.

Our policy states that:

  • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met
  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
  • Personal data shall be accurate and, where necessary, kept up to date
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

Handling of personal/sensitive Information

The law provides conditions for the processing of any personal data. It also makes a distinction between personal data and ‘sensitive’ personal data.

Personal data is defined as, data relating to a living individual who can be identified from:

  • That data
  • That data and other information which is in the possession of the data controller and include an expression of opinion about the individual and any indication of the intentions of the data controller

Sensitive personal data is defined as personal data consisting of information as to:

  • Racial or ethnic origin
  • Political opinion
  • Religious or other beliefs
  • Trade union membership
  • Physical or mental health condition
  • Sexual life
  • Criminal convictions

Cook Inspire Change CIC will, through appropriate management and the use of strict criteria and controls:

  • Observe fully conditions regarding the fair collection and use of personal information
  • Meet its legal obligations to specify the purpose for which information is used
  • Collect and process appropriate information and only to the extent that is needed to fulfil operational needs or to comply with any legal requirements
  • Ensure the quality of information used
  • Apply strict checks to determine the length of time information is held
  • Take appropriate technical and organisational security measures to safeguard personal information
  • Ensure that personal information is not transferred abroad without suitable safeguards
  • Ensure that the rights of people about whom the information is held can be fully exercised under the Regulation. These include:
  • The right to be informed that processing is being undertaken
  • The right of access to one’s personal information within the statutory 40 days
  • The right the prevent processing in certain circumstances
  • The right to correct, rectify, block or erase information regarded as incorrect

In addition, Cook Inspire Change CIC will ensure that:

  • There is someone with specific responsibility for data protection in the organisation
  • Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice
  • Everyone managing and handling personal information is appropriately trained to do so, or appropriately supervised
  • Anyone wanting to make enquiries about handling personal information, whether a team member or member of the public, knows what to do
  • Queries about handling personal information are promptly and courteously dealt with
  • Methods of handling personal information are regularly assessed and evaluated
  • Performance with handling personal information is regularly assessed and evaluated
  • Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data with be in compliance with approved procedures
  • Paper files and other records or documents containing personal/sensitive data are kept in a secure environment
  • Personal data held on computers and computer systems is protected by the use of secure passwords

All partners of Cook Inspire Change CIC must ensure that:

  • All their staff who have access to personal data are aware of this policy and are aware of their duties and responsibilities under the Regulation

Changes of Business Ownership and Control

We may, from time to time, expand or reduce our business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the data for the purposes for which it was supplied by you.

In the event that any data submitted by Users will be transferred in such a manner, you will not be contacted in advance and informed of the changes.

Changes to this Policy

We reserve the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the website and you are deemed to have accepted the terms of the Policy on your first use of the website following the alterations.